Risk Assessment in Hajj Event - Based on Information Leakage Asif Bhat Department of Information Technology International Islamic University Malaysia Kuala Lumpur Malaysia Said KH. Ally Department of Information Technology International Islamic University Malaysia Kuala Lumpur Malaysia Haimi Ardiansyah Department of Information Technology International Islamic University Malaysia Kuala Lumpur Malaysia Jamaluddin Ibrahim Department of Information Technology International Islamic University Malaysia Kuala Lumpur Malaysia Abstract---Annually, millions of Muslims embark on a religious pilgrimage called the “Hajj” to Mecca in Saudi Arabia. Management of Hajj activities is a very complex task for Saudi Arabian authorities and Hajj organizers due to the large number of pilgrims, short period of Hajj and the specific geographical area for the movement of pilgrims. The mass migration during the Hajj is unparalleled in scale, and pilgrims face numerous problems. Including RFID tags there are many types of identification and sensor devices developed for efficient use. Such technologies can be used together with the database systems and can be extremely useful in improving the Hajj management. The information provided by the pilgrims can be organised in the Hajj database and can be used to effectively identify individuals. The current system of data management is mostly manual, leading to various leaks. As more of the sensitive data gets exposed to a variety of health care providers, merchants, social sites, employers and so on, there is a higher chance of Risk. An adversary can “connect the dots” and piece together the information, leading to even more loss of privacy. Risk assessment is currently used as a key technique for managing Information Security. Every organization is implementing the risk management methods. Risk assessment is a part of this superset, Risk Management. While security risk assessment is an important step in the security risk management process, this paper will focus only on the Risk assessment. Keywords: Hajj, Information Leakage, Risk Assessment. I. INTRODUCTION The Hajj (Arabic: حجḤaǧǧ "Pilgrimage") is an Islamic pilgrimage to Mecca and the largest gathering of Muslim people in the world every year. It is one of the five pillars of Islam, and a religious duty which must be carried out by every able-bodied Muslim who can afford to do so at least once in his or her lifetime. Hajj is a unique gathering of its kind and poses a challenge to its organisers. Management of the annual pilgrimage to Mecca known as Hajj is a very complex task. Recently many types of identification and sensor devices, including RFID tags [1], have been developed. Such technologies, together with the use of database can be extremely useful in improving the Hajj management. Information leakage is a real and growing problem. Every month, news about another organization leaking confidential information becomes public. These are the known cases that have a visible impact. Many similar incidents occur daily and the vast majority of information leaks are accidental: it is not solely the result of intentional, harmful actions. Unintentional data loss is perhaps more dangerous because those affected are not necessarily aware of, or able to act on, the problem. Aside from any other impact, information loss may represent a very high cost for organizations. Information loss has both direct and indirect costs: the intellectual property or industrial information itself together with the cost of handling the consequences of its loss. Indirect costs include: loss of credibility, erosion of competitive advantage and regulatory transgressions [2]. The growing awareness of the risks of information leakage was sparked by a series of corporate scandals in which confidential information was disclosed. As the majority of those cases demonstrate, such breaches are often not the result of malicious wrongdoing, but International Journal of Computer Science and Information Security (IJCSIS), Vol. 13, No. 10, October 2015 151 https://sites.google.com/site/ijcsis/ ISSN 1947-5500